Jigme Datse@JigmeDatse@social.openpsychology.net
@fabio@manganiello.social @mutualaid@a.gup.pe @aral@mastodon.ar.al @davidculley@hachyderm.io @Aseelsehwel@mas.to @NouranKhaledGh@mastodon.social Thank you for confirming that you are happy to be scammed, and feel others should be as well. I don't really mind that. As best I can see your "evidence" is barely above what scammers do provide when they are more committed to the scam.
I don't mind one bit. Your response makes it clear that you'd rather people blindly accept "your" sense of "this is good, go for it," than actually express their concerns.
Something about goose and gander... Not sure what it is though. Maybe you can figure it out.
Fabio Manganiello@fabio@manganiello.social
@JigmeDatse@social.openpsychology.net @mutualaid@a.gup.pe @aral@mastodon.ar.al @davidculley@hachyderm.io @Aseelsehwel@mas.to @NouranKhaledGh@mastodon.social look, this is not your normal KYC use-case.
This is not a Western business in a country not at war that tries to get electronic payments, where you would usually check the bank account, cross check WorldCheck lists, ask for a selfie next to a driver’s license, cross check Onfido records, check source IPs etc.
This is a scenario of large scale genocide where a lot of private property has been destroyed, where those on the ground regularly use VPNs to bypass the checks put on them by a hostile government, and where bank accounts that receive foreign payments get easily blocked.
So it’s normal that the person that collects the money isn’t the same one that receives it, or the IP addresses are from another country, or that traditional IDs may be hard to get by.
So my question is: how do we bootstrap trust in such extreme conditions?
I’ve come up with a couple of rules of thumb, and decided that it’s ok to take a little more risk if given enough evidence that makes fraud unlikely. The alternative is not to give any help to someone who may actually need it and contribute to their death. So how much appetite for risk are we willing to take? And if the things we’re asking to verify identity aren’t sufficient what framework would you propose?